0

I will be publishing an Android application for a client in the coming weeks and need to look at how to secure the app.

At the moment I am currently running Proguard.

I am not concerned about the resources (xml, images) what I need to protect is the source.

Apart from Proguard is there anything else I can do?

Thanks B

user964283
  • 853
  • 4
  • 11
  • 16

3 Answers

1

There are tools to disassemble your apk file. Proguard is a must-have; however, it doesn't mean absolute security. Proguard just makes the decompiled code not as readable as the source code, so it needs much more time and patience to analyse the code. Basically, it's enough; if you want higher security, I suggest:

write your core algorithm in C, and call it via JNI.

encrypt your sensitive data, or do not store it locally.

break down your methods into fragments, to make it more difficult to read after decompilation.

Huang
  • 4,812
  • 3
  • 21
  • 20
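As an added illustration of the ProGuard point above (example configuration, not from any answer on this page), a rules file for a hypothetical app in package `com.example.app` (name assumed) that shows the settings which leave code readable next to the hardened set, and the keep rule the JNI suggestion depends on:

```proguard
# Added example for a hypothetical app (com.example.app is an assumed name).

# --- Weak: these directives leave the bytecode almost as readable as the
# --- source. Remove them from a release build.
# -dontobfuscate
# -dontoptimize
# -keepattributes *

# --- Hardened: shrink, optimize, obfuscate, flatten the package tree.
-optimizationpasses 5
-allowaccessmodification
-repackageclasses ''
-renamesourcefileattribute SourceFile
# Keep only what crash stack traces need, not local-variable tables.
-keepattributes SourceFile,LineNumberTable
# The mapping file lets you de-obfuscate crash reports; store it with the
# release, never inside the apk. (Path is an assumption.)
-printmapping mapping.txt

# Android components are instantiated by name from the manifest, so
# their class names must survive obfuscation.
-keep public class * extends android.app.Activity
-keep public class * extends android.app.Service
-keep public class * extends android.content.BroadcastReceiver

# JNI route from the answer above: the runtime resolves native methods by
# their Java name, so renaming them breaks the call at load time.
-keepclasseswithmembernames class * {
    native <methods>;
}

# Caveat: string constants (URLs, keys) are not obfuscated by ProGuard and
# remain readable in classes.dex; keep secrets out of the apk entirely.
```

Verify the result by decompiling the release apk yourself: the obfuscated build should show single-letter class and method names, while any string literal you left in place is still visible unchanged.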
0

When you build an Android app, the Java sources (.java files) are compiled into byte code (.class files). It is the class files that become part of the final app .apk file; the source .java files are not included.

mharper
  • 3,212
  • 1
  • 23
  • 23
0

The apk is built using a fairly complex process. First the java files are compiled to class files and then the class files are fed into a dex compiler to create code for the dalvik machine. So even if you use a de-dexer to decompile the apk, it is very unlikely anyone can ever read your actual source code :)

However, you use ProGuard as well to further obfuscate your code. I don't think there are better tools than ProGuard that can be used.

Pavan K
  • 4,085
  • 8
  • 41
  • 72
  • It is not so hard for a developer to do reverse engineering using the instructions below; also please note that there are several tools available for this! [Getting source code from an APK file](http://stackoverflow.com/questions/3593420/android-getting-source-code-from-an-apk-file) – VSB Aug 06 '13 at 12:12
  • @VSB have you used any of those tools to decompile a production version of apk like facebook or say something for which source is available like firefox. Please let me know your experience. I have used most of them and though they can give fairly the package names or so, decompiling the source is extremely buggy. Try using them you will know what I am talking about. – Pavan K Aug 08 '13 at 10:26